Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Collabtive 多个跨站脚本漏洞
Vulnerability Description
Collabtive是一套基于Web的项目管理系统。该系统提供项目管理、文件管理、时间跟踪等功能。 Collabtive 0.65版本中存在多个跨站脚本漏洞。远程攻击者利用这些漏洞通过(1)编辑用户配置文件功能中的User参数传送到manageuser.php脚本(2)newcal操作中的y参数传送到manageajax.php脚本以及(3)pic参数传送到thumb.php脚本,注入任意web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A